CIP-009 Recovery Plans for Critical Cyber Assets: NERC CIP Standard

Purpose: Standard CIP-009 ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices. Standard CIP-009 should be read as part of a group of standards numbered Standards CIP-002 through CIP-009. Responsible Entities should apply Standards CIP-002 through CIP-009 using reasonable business judgment.

Requirements:The Responsible Entity shall comply with the following requirements of Standard CIP-009:

Specify the required actions in response to events or conditions of varying duration and severity that would activate the recovery plan(s).

Define the roles and responsibilities of responders.

Exercises — The recovery plan(s) shall be exercised at least annually. An exercise of the recovery plan(s) can range from a paper drill, to a full operational exercise, to recovery from an actual incident.

Change Control — Recovery plan(s) shall be updated to reflect any changes or lessons learned
as a result of an exercise or the recovery from an actual incident. Updates shall be
communicated to personnel responsible for the activation and implementation of the recovery
plan(s) within ninety calendar days of the change.

Backup and Restore — The recovery plan(s) shall include processes and procedures for the backup and storage of information required to successfully restore Critical Cyber Assets. For example, backups may include spare electronic components or equipment, written documentation of configuration settings, tape backup, etc.

Testing Backup Media — Information essential to recovery that is stored on backup media shall be tested at least annually to ensure that the information is available. Testing can be completed off site.